Støtte for å legge til auth-token som hentes fra maskinporten (#1374)

navikt · Aug 12, 2024 · e64c387 · e64c387
1 parent 45f2651
commit e64c387
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 17 deletions.
diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/TokenProvider.java
@@ -71,7 +71,11 @@ public static OpenIDToken getTokenXFraKontekst() {
     }
 
     public static OpenIDToken getTokenForSystem(OpenIDProvider provider, String scopes) {
-        return OpenIDProvider.AZUREAD.equals(provider) ? getAzureSystemToken(scopes) : getStsSystemToken();
+        return switch (provider) {
+            case AZUREAD -> getAzureSystemToken(scopes);
+            case STS -> getStsSystemToken();
+            case TOKENX -> throw new IllegalStateException("Ikke bruk TokenX til kall i systemkontekst");
+        };
     }
 
     // Endre til AzureClientId ved overgang til system = azure

diff --git a/.../rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/OidcContextSupplier.java b/.../rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/OidcContextSupplier.java
@@ -18,20 +18,11 @@ public Supplier<String> consumerIdFor(SikkerhetContext context) {
         return () -> TokenProvider.getConsumerIdFor(context);
     }
 
-    public Supplier<OpenIDToken> tokenForSystem() {
-        return TokenProvider::getTokenForSystem;
+    public Supplier<OpenIDToken> tokenForSystem(OpenIDProvider provider, String scopes) {
+        return () -> TokenProvider.getTokenForSystem(provider, scopes);
     }
 
     public Supplier<OpenIDToken> adaptive(String scopes) {
         return () -> TokenProvider.getTokenForKontekst(scopes);
     }
-
-    public Supplier<OpenIDToken> azureTokenForSystem(String scopes) {
-        return () -> TokenProvider.getTokenForSystem(OpenIDProvider.AZUREAD, scopes);
-    }
-
-    public Supplier<OpenIDToken> consumerToken() {
-        return TokenProvider::getTokenForSystem;
-    }
-
 }
diff --git a/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/RestRequest.java b/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/RestRequest.java
@@ -11,11 +11,11 @@
 
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
-
 import no.nav.vedtak.klient.http.HttpClientRequest;
 import no.nav.vedtak.log.mdc.MDCOperations;
 import no.nav.vedtak.mapper.json.DefaultJsonMapper;
 import no.nav.vedtak.sikkerhet.kontekst.SikkerhetContext;
+import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
 import no.nav.vedtak.sikkerhet.oidc.token.OpenIDToken;
 
 /**
@@ -124,6 +124,13 @@ public RestRequest otherCallId(String header) {
         return this;
     }
 
+    // For tilfelle med ikke-standard utgående token. Set NO-AUTH og suppler token her
+    public RestRequest otherAuthorizationSupplier(Supplier<String> tokenSupplier) {
+        super.delayedHeader(HttpHeaders.AUTHORIZATION, () -> OIDC_AUTH_HEADER_PREFIX + tokenSupplier.get())
+            .validator(RestRequest::validateRestHeaders);
+        return this;
+    }
+
     @Override
     public RestRequest validator(Consumer<HttpRequest> validator) {
         super.validator(validator);
@@ -141,7 +148,7 @@ private static HttpRequest.Builder getHttpRequestBuilder(Method method, URI targ
     }
 
     private RestRequest consumerToken() {
-        delayedHeader(NavHeaders.HEADER_NAV_CONSUMER_TOKEN, () -> OIDC_AUTH_HEADER_PREFIX + CONTEXT_SUPPLIER.consumerToken().get().token());
+        delayedHeader(NavHeaders.HEADER_NAV_CONSUMER_TOKEN, () -> OIDC_AUTH_HEADER_PREFIX + CONTEXT_SUPPLIER.tokenForSystem(OpenIDProvider.STS, null).get().token());
         return this;
     }
 
@@ -160,15 +167,15 @@ private static Supplier<String> ensureCallId() {
     private static Supplier<OpenIDToken> selectTokenSupplier(TokenFlow tokenConfig, String scopes) {
         return switch (tokenConfig) {
             case ADAPTIVE -> CONTEXT_SUPPLIER.adaptive(scopes);
-            case STS_CC, STS_ADD_CONSUMER -> CONTEXT_SUPPLIER.tokenForSystem();
-            case AZUREAD_CC -> CONTEXT_SUPPLIER.azureTokenForSystem(scopes);
+            case STS_CC, STS_ADD_CONSUMER -> CONTEXT_SUPPLIER.tokenForSystem(OpenIDProvider.STS, null);
+            case AZUREAD_CC -> CONTEXT_SUPPLIER.tokenForSystem(OpenIDProvider.AZUREAD, scopes);
             case NO_AUTH_NEEDED -> throw new IllegalArgumentException("No supplier needed");
         };
     }
 
     private static Supplier<String> selectConsumerId(TokenFlow tokenConfig) {
         return switch (tokenConfig) {
-            case STS_CC, AZUREAD_CC -> CONTEXT_SUPPLIER.consumerIdFor(SikkerhetContext.SYSTEM);
+            case STS_CC, STS_ADD_CONSUMER, AZUREAD_CC -> CONTEXT_SUPPLIER.consumerIdFor(SikkerhetContext.SYSTEM);
             default -> CONTEXT_SUPPLIER.consumerIdForCurrentKontekst();
         };
     }